United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO. 


FILING DATE 


FIRST NAMED INVENTOR 


ATTORNEY DOCKET NO. 


CONFIRMATION NO. 


10/798,079 


03/1 1/2004 


Aaron Charles Newman 


AS2 


5342 



7590 03/06/2007 

Peter S. Canelias 

Law Offices of Peter S. Canelias 

Suite 2148 

420 Lexington Avenue 
New York, NY 10170 



EXAMINER 



KIM, PAUL 



ART UNIT 



PAPER NUMBER 



2161 



SHORTENED STATUTORY PERIOD OF RESPONSE 



MAIL DATE 



DELIVERY MODE 



3 MONTHS 03/06/2007 PAPER 

Please And below and/or attached an Office communication concerning this application or proceeding. 

If NO period for reply is specified above, the maximum statutory period will apply and will expire 6 MONTHS 
from the mailing date of this communication. 



PTOL-90A (Rev. 10/06) 



Office Action Summary 

m^ Www mw mm* * ■ mm 7 mm mm* ■ • mm* mm mm m m 


Application No. 

10/798,079 


Applicant(s) 

NEWMAN ET AL. 


Examiner 
Paul Kim 


Art Unit 
2161 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address 



Period for Reply 
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DETAILED ACTION 

1. This Office action is responsive to the following communication: Amendment filed on 8 
December 2006. 

2. Claims 1-88 are pending and present for examination. Claims 1, 7, 14, 22, 31, 36, 40, 42, 50, 
53, 54, 60, and 64 are independent. 

Election/ Restrictions 

3. Applicant's election with traverse of Group 4, claims 22-30, in the reply filed on 8 December 2006 
is acknowledged. The traversal is on the ground(s) that "the examiner consider class 726 subclass 22" 
which would remove "any burden on the examiner" (See Amendment, page 24). This is not found 
persuasive because regardless of the classification of the claimed species, the claimed invention still 
comprises of multiple preferred embodiments. 

The requirement is still deemed proper and is therefore made FINAL. 

Information Disclosure Statement 

4. . The information disclosure statement (IDS) submitted on 11 March 2004 is in compliance with 
the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by 
the examiner. 

Claim Rejections - 35 USC § 101 

5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

6. Claims 22-30 are rejected under 35 U.S.C. 101 because the claimed invention is directed to 
non-statutory subject matter. The claims are directed toward *a method for detecting unauthorized 
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activity," and are non-statutory because they do not encompass tangible subject matter and/or 
embodiments which fall within a statutory category. 

The claims make no mention of a tangible medium wherein existing code may be processed to 
perform the recited steps in the claims. See State Street, 149 F.3d at 1373, 47 USPQ2d at 1601-02. 
MPEP 2106. "The claimed invention as a whole must accomplish a practical application. That is, it must 
produce a 'useful, concrete and tangible result' " (emphasis added). 



Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis 
for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use 
or on sale in this country, more than one year prior to the date of application for patent in the United States. 

8. Claims 22-23 are rejected under 35 U.S.C. 102(b) as being anticipated by Bapat et al (U.S. 
Patent No. 6,038,563, hereinafter referred to as BAPAT), filed on 25 March 1998, and issued on 14 March 
2000. 

9. As per independent claim 22, BAPAT teaches: 

A method for detecting unauthorized activity in a database application, the method 
comprising: 

monitoring for SQL statements executable in said database application and intended 
to perform activities not authorized by an SQL source {See bapat, Abstract, wherein 
this reads over "[a] user access request to access management information in the database is 
intercepted, and the access control procedure is invoked when the user access request is a select 
statement"; and C18:L19-27, wherein this reads over "every user query for information from the 
tables in the DBMS is checked by the SQL engine 286 against the access rights established by the 
access privileges module''}; 

actuating each discrete database event {See BAPAT, C18:L24-27, wherein this reads over 
w [u]ser queries requesting information from tables to which the user does not have access rights are 
rejected by the SQL engine"}; 

analyzing each event against a pre-defined set of detection rules {See bapat, C17:L15- 
19, wherein this reads over "a Security Alarm log 293 that is separate from the security audit trail 
192, where security alarms are generated and stored in the log only when there is a denial of object 

access"}- 
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The method according to claim 22, wherein said unauthorized activity is accessing data 
for which said SQL source has not been granted privileges {See bapat, ci8:L24-27, 
wherein this reads over w [u]ser queries requesting information from tables to which the user does not 
have access rights are rejected by the SQL engine"}. 

Claim Rejections - 35 USC §103 

11. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that.the subject matter as a whole would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

12. Claims 24 and 26-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over BAPAT 
as applied to claims 22 and 23 above, and further in view of Rowland (U.S. Patent No. 6,405,318, 
hereinafter referred to as ROWLAND), filed on 12 March 1999, and issued on 11 June 2002. 

13. As per dependent claim 24, while BAPAT fails to expressly disclose a method "wherein said 
unauthorized activity is accessing data not using an authorized method," ROWLAND discloses a method 
wherein "[t]he user login is checked to determined if there are multiple concurrent logins for the same 
user" {See ROWLAND, C5:L10-20}. Therefore, it would have been obvious to one of ordinary skill in the 
art at the time the invention was made to modify the above invention suggested by BAPAT by combining 
it with the invention disclosed by ROWLAND. That is, the inclusion of the disclosed invention in 
ROWLAND would provide a means for checking for multiple concurrent logins (i.e. an unauthorized 
method of access). 

One of ordinary skill in the art would have been motivated to do this modification so that 
suspicious or malicious activity may be detected and prevented accordingly. 

14. As per dependent claim 26, while BAPAT fails to expressly disclose a method "wherein said 
unauthorized activity is interfering with auditing settings," ROWLAND discloses a method wherein "[i]f a 
suspicious directory name is found 68, the control function is notified 55" {See ROWLAND, C6:L4-11}. 
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Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was 
made to modify the above invention suggested by BAPAT by combining it with the invention disclosed by 
ROWLAND. 

One of ordinary skill in the art would have been motivated to do this modification so that 
suspicious or malicious activity may be detected and prevented accordingly. 

15. As per dependent claim 27, while BAPAT fails to expressly disclose a method "wherein said 
unauthorized activity is interfering with audit records," ROWLAND discloses a method wherein "[t]he 
system checks to determined if the system audit records have been altered or are missing" {See 
ROWLAND, C6:L4t11}. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the above invention suggested by BAPAT by combining it with the 
invention disclosed by ROWLAND. 

One of ordinary skill in the art would have been motivated to do this modification so that 
suspicious or malicious activity may be detected and prevented accordingly. 

16. As per dependent claim 28, while BAPAT fails to expressly disclose a method "wherein said 
unauthorized activity is modifying configuration settings," ROWLAND discloses a method wherein a 
determination is made as to whether "the user's home directory contains one or more suspicious 
directories" {See ROWLAND, C5:L61-63}. Therefore, it would have been obvious to one of ordinary skill 
in the art at the time the invention was made to modify the above invention suggested by BAPAT by 
combining it with the invention disclosed by ROWLAND. 

One of ordinary skill in the art would have been motivated to do this modification so that 
suspicious or malicious activity may be detected and prevented accordingly. 

17. As per dependent claim 29, while BAPAT fails to expressly disclose a method "wherein said 
unauthorized activity is modifying security settings," ROWLAND discloses a method wherein "[t]he system 
examines the rhost file and other system authentication files to determine if dangerous security 
modifications to the host file have occurred" {See ROWLAND, C5:L53-56}. Therefore, it would have been 
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obvious to one of ordinary skill in the art at the time the invention was made to modify the above 
invention suggested by BAPAT by combining it with the invention disclosed by ROWLAND. 

One of ordinary skill in the art would have been motivated to do this modification so that 
suspicious or malicious activity may be detected and prevented accordingly. 

18. As per dependent claim 30, while BAPAT fails to expressly disclose a method "wherein said 
unauthorized activity is a use of an unauthorized tool to attempt to access said database application/' 
ROWLAND discloses a method wherein "[t]he port scan detector of the present invention alerts 
administrators that a person is actively looking for services on their host" using "a program that may 
either connect to all ports on the remote machine or deliberately pick one or more ports to search" {See 
ROWLAND, C6:36-67}. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the above invention suggested by BAPAT by combining it with the 
invention disclosed by ROWLAND. 

One of ordinary skill in the art would have been motivated to do this modification so that 
suspicious or malicious activity may be detected and prevented accordingly. 

19. Claim 25 is rejected under 35 U.S.C. 103(a) as being unpatentable over BAPAT as applied to 
claims 22 and 23 above, further in view of ROWLAND, as applied to claims 24 and 26-40 above, and 
further in view of Official Notice. 

20. As per dependent claim 25, while BAPAT and ROWLAND fail to expressly disclose a method 
"wherein said unauthorized activity is accessing data in a data dictionary not using an authorized 
method," the Examiner takes Official Notice that it would have been obvious to one of ordinary skill in the 
art at the time the invention was made to provide security checks for unauthorized activity in a data 
dictionary. 
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Conclusion 



21. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Paul Kim whose telephone number is (571) 272-2737. The examiner can normally be 
reached on M-F, 9am - 5pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Apu 
Mofiz can be reached on (571) 272-4080. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or 
access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Paul Kim 

Patent Examiner, Art Unit 2161 

TECH Center 2100 ^✓T/U 




